Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

McDonald's-Themed Attack No Happy Meal

As the economy slumps and the holiday season arrives malware schemers are weaving together various timely social trends to target new attacks at end users.
In one such new iteration of the activity, researchers at PandaLabs have isolated a P2P worm virus making the rounds in a campaign that marries the

As the economy slumps and the holiday season arrives malware schemers are weaving together various timely social trends to target new attacks at end users.

In one such new iteration of the activity, researchers at PandaLabs have isolated a P2P worm virus making the rounds in a campaign that marries the time-honored holiday celebration angle with discount-driven dining options. Disguised as a special holiday coupon deal offering freebies at McDonald's, the attack instead infects affected machines with the P2PShared.U worm.

See now, if you're like me and you hate both shameless holiday-themed consumerist drivel and McD's, you're probably immune from this one (Bah-hamburg...). But, with people looking to squeeze the most out of every dollar during this giving season being carried out amid financial crisis, you have to think that there are a lot of people who might swallow the bait. (forgive me, please).

Once a user opens the involved attachment, the virus file installs itself on their computer and then copies itself to folders of various P2P file-sharing programs like eMule, LimeWire and Morpheus, with names relating to security software, image editing programs and program cracks, PandaLabs said.

Thereafter, any affected user that tries to download any of the involved P2P applications also infects their PC with yet another copy of the worm. Once on the computer, the worm sends out e-mails with the same subject themes and appearance to other users.

PandaLabs contends that the attackers likely saw McDonald's recent financial good news and were inspired to piggyback on it as the economy has apparently driven more people to stuff themselves with MSG-laden burger treats. (Personally I go for Wendy's)

To fool users into believing that the e-mail-borne attack is coming from an authentic source, the attackers have spoofed the"mcdonalds.com" domain and even gone to the trouble of including a drop-down menu for users to choose the country that they are located in. PandaLabs contends that both engineering twists are intended to convince end users that the threats do in fact come from McDonald's, a truly multi-national company.

However, I'm also left wondering if, as in other recent attacks, the people behind the campaign are also trying to protect themselves from having people in their own regions take the bait and therein increase the likelihood that they may be caught by local authorities. Attackers out of Russia and China appear to be using this angle quite a bit lately, and it would appear to be a pretty smart maneuver as it keeps them more distant from potential pursuants.

In addition to the McDonald's ploy, P2PShared.U worm is also making the rounds disguised as a holiday Hallmark e-Card, using the same process of infected attachment, the company said.

So, the moral is, avoid any unsolicited offers of holiday cheer or fast food and save yourself a lot of heartburn.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.